> -----Original Message----- > From: Rickard Öberg [mailto:[EMAIL PROTECTED]] > > The argument against .action invocation, then, is only with regard to > declarative security. Would it be ok to declare what roles > may access it > in xwork.xml? (both on action and package level)
That's the argument against .action invocation with any path. If we pin actions to certain paths in the config files, as I've proposed, then this is not an issue. > > One nice thing about that is that the information could be > used by many > different invokers, as opposed to the declarative security through > web.xml option which only works for the web case. Then you have to synchronize your roles in web.xml with the roles in xwork.xml. Plus, your servlet container can't automatically determine that you aren't logged in when you try to access a secured area and pop up the log-in prompt or load the log-in form. Jason ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Opensymphony-webwork mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/opensymphony-webwork
